diffen
Joined: 2009/10/31
Points: 0

Hello

We are using a lot of SNOM phones and we are also using the SNOM auto-provisioning tool.

The tool is a perl script that authenticates against a provisioning server at SNOM. All the phones are default configured to go to the SNOM auto-provisioning server.

What we add to the SNOM auto-provisioning server is the MAC address of the phone and a new provision address. So when a new phone is configured you just need to plug it in and it will go to the SNOM server then to ours and then get the config file from our server and firmware. Really neat.

What I wish is that this script and a delete script will be implemented into Thirdlane. I wonder if it's not possible to add the login and password for the SNOM auto-provisioning site on a tenant level and then when a SNOM phone is provisioned in Thirdlane the registration.pl script with the phone's MAC address is sent to SNOM.

Br

Jörgen Andersson

eeman
Joined: 2007/11/06
Points: 290

You'll need to do that via custom programming, by using the event hooks and your own custom scripting. I cannot see any situation where Thirdlane would take on the liability of transmitting working usernames and passwords to third party entities. If your credit card info isn't safe (as evident by the countless recurring theft of hundreds of thousands of numbers at a time) do you not realize what a cash-cow breaking into this SNOM database would be? A single Thirdlane customer got hit with $11,000 (yes eleven thousand) in damages from illegally made international calls in a very short time by a compromised account. He had to eat that cost. If Thirdlane were to build this code and SNOM got compromised, they could face real lawsuits on damages for not better securing the process. Many variables are passed along as environment variables to the event hook allowing you to program just about anything you want.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

diffen
Joined: 2009/10/31
Points: 0

Hello Erik,

Hmm the service is completely free from SNOM so no credit cards are involved.

Here is what the python script looks like:

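from xmlrpclib import ServerProxy, Error

# ServerProxy needs an explicit scheme in the URL; the service is reached over https
server = ServerProxy("https://username:password@provisioning.snom.com:8083/xmlrpc", verbose=False, allow_none=True)
server.network.echo("ping")
# Register a list of MAC addresses against one provisioning URL
server.redirect.registerPhoneList(["mac-address"], "thirdlane provisioning address.")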

You receive the login and password from SNOM by filling out a form from them. You can read more here: http://wiki.snom.com/Features/Auto_Provisioning/Redirection

Is it possible that Thirdlane can be held responsible for anything? I mean there are just empty fields where the PBX owner or the Tenant enter the username and password.

Best regards

Jörgen Andersson

Svenska IP-Telefonibolaget AB

eeman
Joined: 2007/11/06
Points: 290

You missed the credit card point entirely. If banking institutions can't keep credit cards safe, what hope does SNOM have keeping your SIP passwords safe. If those get compromised then it's a cash cow to the same people who set up these international profit sharing numbers. Some jerk in Palestine is making $11k worth of international calls to a specific number in Palestine of which he probably gets 50%. If he can do that on a single compromised account, how many billions can he cause in damages if he gets access to that entire database by using SQL injection hacks that are used to get credit card info?

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

diffen
Joined: 2009/10/31
Points: 0

Hello Erik,

I think you missed out here. The only thing that is changed in the phone is the following.

http://wiki.snom.com/Web_Interface/V8/Advanced#Update

The setting URL that is set by default to http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} will be changed to your provisioning server.

So no SIP account settings or anything are stored up on SNOM's servers. Just a link to your provisioning site. So when a customer buys a new phone you just add the MAC address and send it up to SNOM using the above python script and then SNOM redirects the phone automatically. If you do a factory reset the SNOM phone will go to http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} and try to provision. The SNOM server will then change the http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} to provisioning.bluegrassnet.com for example.

So there is no SIP involved or anything like that :)

Sorry, but I'm not that good at explaining stuff.

Best regards

Jörgen Andersson

Svenska IP-Telefonibolaget AB

eeman
Joined: 2007/11/06
Points: 290

Oh, well in that case all you really need is event hooks for devices then, to execute your perl script that can be easily modified to pull the MAC from the environment variables. The extension event hook might already have the MAC address in the data when you create it. What happens if a customer leaves you and goes to a new ITSP? How does SNOM deal with 2 different entities claiming the same MAC address?

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

diffen
Joined: 2009/10/31
Points: 0

Hello Erik,

There is a deregister script that can be run too, so what I figure is that when you remove a device from the provisioning, Thirdlane runs the deregister script so the device will be removed from SNOM.

I tried to add two of the same MAC address in the script now but it didn't return any error. My guess is that the latest entry in their database is the one that is working.

Hmmm, I'm not that good with python scripting and so on. Where am I supposed to find the event hooks? I can only find when a tenant and user extension have been made.

I would really love to help out implementing this but I guess I need some help on the way.

Best regards

Jörgen Andersson

Svenska IP-Telefonibolaget AB

eeman
Joined: 2007/11/06
Points: 290

Right now user/extension is the only one available to do what you're working on. But if the MAC is in the environment that's all you'll need.

here is how to dump the list of environment variables..

make a test script /usr/local/sbin/printenv.sh

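#!/bin/bash
# Dump the hook's arguments and its environment to /tmp/environment
rm -f /tmp/environment          # -f: no error on the first run, when the file does not exist yet
echo "$1" "$2" "$3" "$4" > /tmp/environment
printenv >> /tmp/environment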

then add this full path to your create user event hook and go add a test user with a test mac address

then go view the /tmp/environment file to get a list of all the variables available to you via the hooks. Look to see if one includes the mac you just put in when you created the user.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

diffen
Joined: 2009/10/31
Points: 0

Hello Erik,

Unfortunately the mac address was not represented in the output file. Do you have any other solutions?

Best regards

Jörgen Andersson

Svenska IP-Telefonibolaget AB

eeman
Joined: 2007/11/06
Points: 290

I almost forgot that there are hooks built into models.txt, the linksys phones used them.

example:
command_1=/usr/local/sbin/linksys_reload.pl ${mac}

I need some credentials to tinker with this script a bit

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

eeman
Joined: 2007/11/06
Points: 290

send me your credentials if you want me to modify the example python code to accept command line arguments.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

eeman
Joined: 2007/11/06
Points: 290

first grab this file

http://downloads.snom.net/documentation/rpc-env.tgz

put the PyLib/httplib.py in /usr/local/lib/python/

then create this xmlrpcredirection.py file in /usr/local/sbin/ (this forum wordwraps so watch out for that). Make sure to replace the placeholder entries like your user/pass and provisioning url with your own.

#!/usr/bin/python
# Usage: xmlrpcredirection.py <mac>   (Python 2)
import sys
sys.path.insert(0, "/usr/local/lib/python")  # pick up the httplib.py from rpc-env.tgz
from xmlrpclib import ServerProxy, Error
server = ServerProxy("https://username:password@provisioning.snom.com:8083/xmlrpc", verbose=False, allow_none=True)
server.network.echo("ping")
# Drop any existing redirect for this MAC, then register the new target URL
print server.redirect.deregisterPhone(sys.argv[1])
print server.redirect.registerPhone(sys.argv[1], "http://your.host.com/provisioning/snom3xx.cfg")

make sure to set the file executable
chmod +x /usr/local/lib/python/xmlrpcredirection.py

then add the command_1 option to your customized models.txt , example:

[snom-320]
label=Snom 320
lines=12
phone_template=snom3xx_phone.cfg
line_template=snom3xx_line.cfg
blf_template=snom3xx_blf.cfg
speeddial_template=snom3xx_speeddial.cfg
output=snom3xx-${MAC}.cfg
input_1=snom3xx_settings.cfg
output_1=snom3xx.cfg
command_1=/usr/local/lib/python/xmlrpcredirection.py ${MAC}

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com
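
A hardened variant of the hook above, as an added example that is not part of the original post and not Thirdlane or SNOM code: it validates the MAC passed in by models.txt before sending it on, and reads the redirect-service login from a root-only file instead of embedding it in the script. The credential file path, its one-line "username:password" format and the 12-hex-digit MAC form are assumptions; the endpoint and the redirect method names are the ones used in the thread.

```python
#!/usr/bin/env python3
"""Added example: hardened variant of the SNOM redirect hook (Python 3)."""
import os
import re
import stat
import sys
from urllib.parse import quote
from xmlrpc.client import ServerProxy

ENDPOINT = "provisioning.snom.com:8083/xmlrpc"   # host, port and path as posted in the thread
CRED_FILE = "/etc/snom-redirect.cred"            # assumed path; holds "username:password"
TARGET_URL = "http://your.host.com/provisioning/snom3xx.cfg"  # placeholder from the thread

MAC_RE = re.compile(r"^[0-9A-F]{12}$")           # assumed wire form: 12 hex digits


def normalize_mac(raw):
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    mac = re.sub(r"[:.\-]", "", raw.strip()).upper()
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % raw)
    return mac


def load_credentials(path):
    """Read user and password, refusing a file that group or others can access."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s must be mode 0600" % path)
    with open(path) as fh:
        user, _, password = fh.readline().rstrip("\n").partition(":")
    if not user or not password:
        raise ValueError("expected 'username:password' in %s" % path)
    return user, password


def server_url(user, password):
    """Build the HTTPS XML-RPC URL with percent-encoded credentials."""
    return "https://%s:%s@%s" % (quote(user, safe=""), quote(password, safe=""), ENDPOINT)


def main(argv):
    mac = normalize_mac(argv[1])                 # reject anything that is not a MAC
    server = ServerProxy(server_url(*load_credentials(CRED_FILE)), allow_none=True)
    server.redirect.deregisterPhone(mac)         # method names as used in the thread
    print(server.redirect.registerPhone(mac, TARGET_URL))


if __name__ == "__main__":
    main(sys.argv)
```
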

diffen
Joined: 2009/10/31
Points: 0

Hello Erik,

Thank you very much. It works perfectly. Hope that this will be a permanent add to the Thirdlane platform in the future.

Best regards

Jörgen Andersson

Svenska IP-Telefonibolaget AB